After the Attack. The Transformation of EMC Security Operations

Size: px
Start display at page:

Download "After the Attack. The Transformation of EMC Security Operations"

Transcription

1 After the Attack The Transformation of EMC Security Operations Thomas Wood Senior Systems Engineer, GSNA CISSP RSA, The Security Division of EMC 1

2 Agenda Review 2011 Attack on RSA Threat Landscape Key functions of a Security Operations Center The Tyranny of The News Cycle Organizational Impact RSA ACD & ASOC 2

3 The Environment ~ 2,000 security devices ~55M security events per hour ~60K employees 350 sites 85 countries Core Intellectual Property 3

4 EMC SWAT 2005 Special Weapons And Tactics Basic security tools Firewalls Anti-virus Authentication Handful of skilled practitioners Knows how the tech works Understands the different parts of the business / IT 4

5 Structure of Pre-Breach CIRC Eyes on Glass Analysis Forensic Coordination Remediation Rule/Report Creation Workflow Development RSA CIRC L1 L2 L3 5

6 Technology Pre-Breach Incident Tracking Vulnerability Risk Management Firewall IPS Proxy AV SharePoint Security Operations (RSA Archer) Security Controls Windows Clients/Servers File Servers RSA SIEM Databases Data Discovery (RSA DLP) Log Analysis Reporting Event Forensics NAS/SAN Endpoints Limited Real-Time Response Limited Visibility 6

7 The Attack Companies can t stand against the armies of nation states. Why do we believe we can stand against their cyber army? Sam Curry, RSA 7

8 The Initial Vector in the RSA Attack 1 2 Phishing s Some clues about the lead us to believe that this was from some slightly dated research on employees 2 Launch Zero day One user opened attachment (an Excel spreadsheet) which launches a flash zero day 3 Attacker gains access to other machines Zero day exploit installs backdoor (Poison Ivy Rat Variant) which enables extraction of memory resident password hashes X X X X X 8

9 From Compromise to Exfiltration 4 Attacker initiates separate network using credentials obtained from steps Attacker moves laterally through organization, heavily using escalation of privileges, to systems containing disparate information that when combined allowed compromise of RSA SecurID related information ATTACKER 6 Attacker removes data and stages it on a file share within the network 7 Files are encrypted and attacker tries to ex filtrate to several servers before finding a successful destination. External Server 9

10 Additional RSA Attack Details Focused and coherent attack Times of attack were choreographed Attacker moved rapidly to the target: knew what to get and the order to get them Implication: Significant reconnaissance and preparation Leveraged Prior Experience Exploited people and processes more than weaknesses in infrastructure Remote (attacker) hosts were modified to match internal naming structure Very detailed knowledge of the people, process, & infrastructure Implication: People continue to be the easiest target Fresh malware was used Compiled 6 hours before the event Implication: Malware was specifically customized; no known signature to block General list of Command and Control Domains for RSA attack were published in a longer list in the US-CERT EWIN A. The important ones include: *.mincesur.com, *.hopto.org, *.cz88.net 10

11 The Business Impact $70 Million Write-Down Cost of remediation, IT, investigation, consulting, lost revenue, lost productivity Six months focused on remediating authenticators All Authentication-related marketing & sales activity stopped for 6 months Impact to trust Customers: how could you do this to us? Why didn t you contact us first (10-15K customers) Lost some customers permanently All despite no risk to customers 11

12 Present Reality The art of war teaches us to rely not on the likelihood of the enemy's not coming, but on our own readiness to receive him. - Sun Tzu, The Art of War 12

13 Traditional Security Is Not Working 99% of breaches led to compromise within days or less with 85% leading to data exfiltration in the same time 85% of breaches took weeks or more to discover Source: Verizon 2012 Data Breach Investigations Report 13

14 Advanced Threats Are Different 1 TARGETED SPECIFIC OBJECTIVE 2STEALTHY 3 INTERACTIVE LOW AND SLOW HUMAN INVOLVEMENT System Intrusion Attack Begins Cover-Up Discovery Leap Frog Attacks Cover-Up Complete TIME Dwell Time Response Time Attack Identified Response 1 Decrease Dwell Time 2 Speed Response Time 14

15 What s Old Is New Again The consequence of it is, {215} that the United States are to a certain extent in the situation of a country precluded from foreign Commerce. They can indeed, without difficulty obtain from abroad the manufactured supplies, of which they are in want; but they experience numerous and very injurious impediments to the emission and vent of their own commodities. Nor is this the case in reference to a single foreign nation only. The regulations of several countries, with which we have the most extensive intercourse, throw serious obstructions in the way of the principal staples of the United States. Alexander Hamilton REPORT ON MANUFACTURES DECEMBER 5,

16 Online Trust Alliance Guide to Data Protection and Breach Readiness (2013) 2,644 Breaches 267 Million Records $5.5M cost per Breach $194 cost per Record 99% records lost due to external hacking 97% of data breach incidents were avoidable 16

17 Verizon Breach Report (2013) Highlights Victims 37% financial 24% retail & restaurants 20% manufacturing Perpetrators 92% outsiders 19% state-affiliated actors Mode 76% exploit weak/stolen credentials 75% financially motivated Discovery 69% by external parties 66% took months or more to discover 17

18 Verizon Report Recommendations Eliminate unnecessary data Collect, analyze, share Incident data Threat intelligence Focus on better and faster detection Evaluate threat landscape 18

19 The Adversary NATION STATE ACTORS Nation states Government, defense contractors, IP rich organizations, waterholes CRIMINALS Petty criminals Unsophisticated, but noisy Organized crime Organized, sophisticated supply chains (PII, PCI, financial services, retail) NON-STATE ACTORS Insiders Various reasons, including collaboration with the enemy Cyber-terrorists / Hacktivists Political targets of opportunity, mass disruption, mercenary 19

20 Understanding the threat Attack Lifecycle Recon Weaponization Delivery Exploitation Installation C2 Act on Objectives 7-Phase Model for how an adversary engages a victim Any disruption in the chain will impact their actions Human intervention is often required for success and failure All seven steps can be detected, prevented, or minimized Note/ Attribution: Intelligence-Driven Computer Network Defense Informed by Analysis of Adversary Campaigns and Intrusion Kill Chains ; Hutchins, Cloppert, Amin, Lockheed Martin CIRT; Proceedings of the 6th International Conference on Information Warfare,

21 Objective: Affect the Attack Lifecycle Attack Lifecycle Reconnaissance Detect Deny Disrupt Degrade Deceive Weaponize Delivery Exploitation Installation C2 Action 21

22 Security Is Becoming A Big Data Problem More determined adversary means more data needed to identify attacks More complex IT environment means even simple attacks can hide in plain sight Security professionals are struggling to keep up 1 40% of all survey respondents are overwhelmed with the security data they already collect 35% have insufficient time or expertise to analyze what they collect 1 EMA, The Rise of Data-Driven Security, Crawford, Aug 2012 Sample Size =

23 Today s Security Requirements Big Data Infrastructure Need a fast and scalable infrastructure to conduct short term and long term analysis High Powered Analytics Give me the speed and smarts to discover and investigate potential threats in near real time Comprehensive Visibility See everything happening in my environment and normalize it Integrated Intelligence Help me understand what to look for and what others have discovered 23

24 Desired State Protect organizational mission Evolve with the threat environment Operational efficiencies & best practices Process Technolog y People 24

25 What SOC/CIRCs Need: BROAD VISIBILITY & DETECTION Fusing together massive amounts of telemetry data & threat intelligence to detect even the most advanced attacks CONTEXT Knowing which IT assets are important and the location of sensitive data drives investigative efficiency and prioritization FAST INVESTIGATIONS Complete investigations in minutes versus hours REMEDIATION & OPERATIONS MANAGEMENT Workflow driven incident response and SOC/CIRC operations management 25

26 People & Process Technology requires talent and discipline 26

Advanced SOC Design. Next Generation Security Operations. Shane Harsch Senior Solutions Principal, MBA GCED CISSP RSA

Advanced SOC Design. Next Generation Security Operations. Shane Harsch Senior Solutions Principal, MBA GCED CISSP RSA Advanced SOC Design Next Generation Security Operations Shane Harsch Senior Solutions Principal, MBA GCED CISSP RSA 1 ! Why/How security investments need to shift! Key functions of a Security Operations

More information

After the Attack: RSA's Security Operations Transformed

After the Attack: RSA's Security Operations Transformed After the Attack: RSA's Security Operations Transformed Ben Smith, CISSP RSA Field CTO (East), Security Portfolio Senior Member, ISSA Northern Virginia 1 The Environment ~ 2,000 security devices ~55M security

More information

The session is about to commence. Please switch your phone to silent!

The session is about to commence. Please switch your phone to silent! The session is about to commence. Please switch your phone to silent! 1 Defend with Confidence Against Advanced Threats Nicholas Chia SE Manager, SEA RSA 2 TRUST? Years to earn, seconds to break 3 Market

More information

BREAKING THE KILL CHAIN AN EARLY WARNING SYSTEM FOR ADVANCED THREAT

BREAKING THE KILL CHAIN AN EARLY WARNING SYSTEM FOR ADVANCED THREAT BREAKING THE KILL CHAIN AN EARLY WARNING SYSTEM FOR ADVANCED THREAT Rashmi Knowles RSA, The Security Division of EMC Session ID: Session Classification: SPO-W07 Intermediate APT1 maintained access to

More information

Advanced Threats: The New World Order

Advanced Threats: The New World Order Advanced Threats: The New World Order Gary Lau Technology Consulting Manager Greater China gary.lau@rsa.com 1 Agenda Change of Threat Landscape and Business Impact Case Sharing Korean Incidents EMC CIRC

More information

The Future of the Advanced SOC

The Future of the Advanced SOC The Future of the Advanced SOC Developing a platform for more effective security management and compliance Steven Van Ormer RSA Technical Security Consultant 1 Agenda Today s Security Landscape and Why

More information

Security Analytics for Smart Grid

Security Analytics for Smart Grid Security Analytics for Smart Grid Dr. Robert W. Griffin Chief Security Architect RSA, the Security Division of EMC robert.griffin@rsa.com blogs.rsa.com/author/griffin @RobtWesGriffin 1 No Shortage of Hard

More information

RSA Security Anatomy of an Attack Lessons learned

RSA Security Anatomy of an Attack Lessons learned RSA Security Anatomy of an Attack Lessons learned Malcolm Dundas Account Executive John Hurley Senior Technology Consultant 1 Agenda Advanced Enterprise/ Threats The RSA Breach A chronology of the attack

More information

The Next Generation Security Operations Center

The Next Generation Security Operations Center The Next Generation Security Operations Center Vassil Barsakov Regional Manager, CEE & CIS RSA, the Security Division of EMC 1 Threats are Evolving Rapidly Criminals Petty criminals Unsophisticated Organized

More information

Getting Ahead of Advanced Threats

Getting Ahead of Advanced Threats Getting Ahead of Advanced Threats Advanced Security Solutions for Trusted IT Chezki Gil Territory Manager Israel & Greece 1 Threats are Evolving Rapidly Criminals Petty criminal s Unsophisticated Organized

More information

IMPLEMENTING A SECURITY ANALYTICS ARCHITECTURE

IMPLEMENTING A SECURITY ANALYTICS ARCHITECTURE IMPLEMENTING A SECURITY ANALYTICS ARCHITECTURE Solution Brief SUMMARY New security threats demand a new approach to security management. Security teams need a security analytics architecture that can handle

More information

Security and Privacy

Security and Privacy Security and Privacy Matthew McCormack, CISSP, CSSLP CTO, Global Public Sector, RSA The Security Division of EMC 1 BILLIONS OF USERS MILLIONS/BILLIONS OF APPS 2010 Cloud Big Data Social Mobile Devices

More information

場 次 :C-3 公 司 名 稱 :RSA, The Security Division of EMC 主 題 : 如 何 應 用 網 路 封 包 分 析 對 付 資 安 威 脅 主 講 人 :Jerry.Huang@rsa.com Sr. Technology Consultant GCR

場 次 :C-3 公 司 名 稱 :RSA, The Security Division of EMC 主 題 : 如 何 應 用 網 路 封 包 分 析 對 付 資 安 威 脅 主 講 人 :Jerry.Huang@rsa.com Sr. Technology Consultant GCR 場 次 :C-3 公 司 名 稱 :RSA, The Security Division of EMC 主 題 : 如 何 應 用 網 路 封 包 分 析 對 付 資 安 威 脅 主 講 人 :Jerry.Huang@rsa.com Sr. Technology Consultant GCR Minimum Requirements of Security Management and Compliance

More information

GAINING THE ADVANTAGE. Applying Cyber Kill Chain Methodology to Network Defense

GAINING THE ADVANTAGE. Applying Cyber Kill Chain Methodology to Network Defense GAINING THE ADVANTAGE Applying Cyber Kill Chain Methodology to Network Defense THE MODERN DAY ATTACKER Cyberattacks aren t new, but the stakes at every level are higher than ever. Adversaries are more

More information

SECURITY MEETS BIG DATA. Achieve Effectiveness And Efficiency. Copyright 2012 EMC Corporation. All rights reserved.

SECURITY MEETS BIG DATA. Achieve Effectiveness And Efficiency. Copyright 2012 EMC Corporation. All rights reserved. SECURITY MEETS BIG DATA Achieve Effectiveness And Efficiency 1 IN 2010 THE DIGITAL UNIVERSE WAS 1.2 ZETTABYTES 1,000,000,000,000,000,000,000 Zetta Exa Peta Tera Giga Mega Kilo Byte Source: 2010 IDC Digital

More information

Data Analytics for a Secure Smart Grid

Data Analytics for a Secure Smart Grid Data Analytics for a Secure Smart Grid Dr. Silvio La Porta Senior Research Scientist EMC Research Europe Ireland COE. Agenda APT modus operandi Data Analysis and Security SPARKS Data Analytics Module Anatomy

More information

Using Network Forensics to Visualize Advanced Persistent Threats

Using Network Forensics to Visualize Advanced Persistent Threats Using Network Forensics to Visualize Advanced Persistent Threats Dale Long, Sr. Technology Consultant, RSA Security 1 The Problem 2 Traditional Security Is Not Working 99% of breaches led to compromise

More information

Into the cybersecurity breach

Into the cybersecurity breach Into the cybersecurity breach Tim Sanouvong State Sector Cyber Risk Services Deloitte & Touche LLP April 3, 2015 Agenda Setting the stage Cyber risks in state governments Cyber attack vectors Preparing

More information

Combating a new generation of cybercriminal with in-depth security monitoring

Combating a new generation of cybercriminal with in-depth security monitoring Cybersecurity Services Combating a new generation of cybercriminal with in-depth security monitoring 1 st Advanced Data Analysis Security Operation Center The Challenge Don t leave your systems unmonitored.

More information

Combating a new generation of cybercriminal with in-depth security monitoring. 1 st Advanced Data Analysis Security Operation Center

Combating a new generation of cybercriminal with in-depth security monitoring. 1 st Advanced Data Analysis Security Operation Center Combating a new generation of cybercriminal with in-depth security monitoring 1 st Advanced Data Analysis Security Operation Center The Challenge Don t leave your systems unmonitored. It takes an average

More information

Information Security Addressing Your Advanced Threats

Information Security Addressing Your Advanced Threats Information Security Addressing Your Advanced Threats Where We are Going Information Security Landscape The Threats You Face How To Protect Yourself This Will Not Be Boring What Is Information Security?

More information

Advanced Persistent Threats

Advanced Persistent Threats Advanced Persistent Threats Craig Harwood Channel Manager SADC and Indian Ocean Islands 1 Agenda Introduction Today s Threat landscape What is an Advance persistent Threat How are these crimes perpetrated

More information

Cybersecurity Kill Chain. William F. Crowe, CISA, CISM, CRISC, CRMA September 2015 ISACA Jacksonville Chapter Meeting August 13, 2015

Cybersecurity Kill Chain. William F. Crowe, CISA, CISM, CRISC, CRMA September 2015 ISACA Jacksonville Chapter Meeting August 13, 2015 Cybersecurity Kill Chain William F. Crowe, CISA, CISM, CRISC, CRMA September 2015 ISACA Jacksonville Chapter Meeting August 13, 2015 Who Am I? Over 20 years experience with 17 years in the financial industry

More information

Covert Operations: Kill Chain Actions using Security Analytics

Covert Operations: Kill Chain Actions using Security Analytics Covert Operations: Kill Chain Actions using Security Analytics Written by Aman Diwakar Twitter: https://twitter.com/ddos LinkedIn: http://www.linkedin.com/pub/aman-diwakar-ccie-cissp/5/217/4b7 In Special

More information

Spear Phishing Attacks Why They are Successful and How to Stop Them

Spear Phishing Attacks Why They are Successful and How to Stop Them White Paper Spear Phishing Attacks Why They are Successful and How to Stop Them Combating the Attack of Choice for Cybercriminals White Paper Contents Executive Summary 3 Introduction: The Rise of Spear

More information

Comprehensive Advanced Threat Defense

Comprehensive Advanced Threat Defense 1 Comprehensive Advanced Threat Defense June 2014 PAGE 1 PAGE 1 1 INTRODUCTION The hot topic in the information security industry these days is Advanced Threat Defense (ATD). There are many definitions,

More information

Targeted Intrusion Remediation: Lessons From The Front Lines. Jim Aldridge

Targeted Intrusion Remediation: Lessons From The Front Lines. Jim Aldridge Targeted Intrusion Remediation: Lessons From The Front Lines Jim Aldridge All information is derived from MANDIANT observations in non-classified environments. Information has beensanitized where necessary

More information

Threat Intelligence: The More You Know the Less Damage They Can Do. Charles Kolodgy Research VP, Security Products

Threat Intelligence: The More You Know the Less Damage They Can Do. Charles Kolodgy Research VP, Security Products Threat Intelligence: The More You Know the Less Damage They Can Do Charles Kolodgy Research VP, Security Products IDC Visit us at IDC.com and follow us on Twitter: @IDC 2 Agenda Evolving Threat Environment

More information

Advanced Visibility. Moving Beyond a Log Centric View. Matthew Gardiner, RSA & Richard Nichols, RSA

Advanced Visibility. Moving Beyond a Log Centric View. Matthew Gardiner, RSA & Richard Nichols, RSA Advanced Visibility Moving Beyond a Log Centric View Matthew Gardiner, RSA & Richard Nichols, RSA 1 Security is getting measurability worse Percent of breaches where time to compromise (red)/time to Discovery

More information

Defending Against Data Beaches: Internal Controls for Cybersecurity

Defending Against Data Beaches: Internal Controls for Cybersecurity Defending Against Data Beaches: Internal Controls for Cybersecurity Presented by: Michael Walter, Managing Director and Chris Manning, Associate Director Protiviti Atlanta Office Agenda Defining Cybersecurity

More information

Advanced Threat Protection with Dell SecureWorks Security Services

Advanced Threat Protection with Dell SecureWorks Security Services Advanced Threat Protection with Dell SecureWorks Security Services Table of Contents Summary... 2 What are Advanced Threats?... 3 How do advanced threat actors operate?... 3 Addressing the Threat... 5

More information

Addressing APTs and Modern Malware with Security Intelligence Date: September 2013 Author: Jon Oltsik, Senior Principal Analyst

Addressing APTs and Modern Malware with Security Intelligence Date: September 2013 Author: Jon Oltsik, Senior Principal Analyst ESG Brief Addressing APTs and Modern Malware with Security Intelligence Date: September 2013 Author: Jon Oltsik, Senior Principal Analyst Abstract: APTs first came on the scene in 2010, creating a wave

More information

RSA Security Analytics the complete approach to security monitoring or how to approach advanced threats

RSA Security Analytics the complete approach to security monitoring or how to approach advanced threats RSA Security Analytics the complete approach to security monitoring or how to approach advanced threats Grzegorz Mucha grzegorz.mucha@rsa.com Advanced Threats Threat Landscape Criminals Petty criminals

More information

Who Drives Cybersecurity in Your Business? Milan Patel, K2 Intelligence. AIBA Quarterly Meeting September 10, 2015

Who Drives Cybersecurity in Your Business? Milan Patel, K2 Intelligence. AIBA Quarterly Meeting September 10, 2015 Who Drives Cybersecurity in Your Business? Milan Patel, K2 Intelligence AIBA Quarterly Meeting September 10, 2015 The Answer 2 Everyone The relationship between the board, C-suite, IT, and compliance leaders

More information

DYNAMIC DNS: DATA EXFILTRATION

DYNAMIC DNS: DATA EXFILTRATION DYNAMIC DNS: DATA EXFILTRATION RSA Visibility Reconnaissance Weaponization Delivery Exploitation Installation C2 Action WHAT IS DATA EXFILTRATION? One of the most common goals of malicious actors is to

More information

Rashmi Knowles Chief Security Architect EMEA

Rashmi Knowles Chief Security Architect EMEA Rashmi Knowles Chief Security Architect EMEA AGENDA Transformation of IT New cyber-security challenges Intelligence Driven Security Security Analytics Q&A 2 ENTERPRISE DATA CENTER ADVANCED SECURITY A UNIQUE

More information

RSA Security Analytics

RSA Security Analytics RSA Security Analytics This is what SIEM was Meant to Be 1 The Original Intent of SIEM Single compliance & security interface Compliance yes, but security? Analyze & prioritize alerts across various sources

More information

The FBI Cyber Program. Bauer Advising Symposium //UNCLASSIFIED

The FBI Cyber Program. Bauer Advising Symposium //UNCLASSIFIED The FBI Cyber Program Bauer Advising Symposium October 11, 2012 Today s Agenda What is the threat? Who are the adversaries? How are they attacking you? What can the FBI do to help? What can you do to stop

More information

Cyber/IT Risk: Threat Intelligence Countering Advanced Adversaries Jeff Lunglhofer, Principal, Booz Allen. 14th Annual Risk Management Convention

Cyber/IT Risk: Threat Intelligence Countering Advanced Adversaries Jeff Lunglhofer, Principal, Booz Allen. 14th Annual Risk Management Convention Cyber/IT Risk: Threat Intelligence Countering Advanced Adversaries Jeff Lunglhofer, Principal, Booz Allen 14th Annual Risk Management Convention New York, New York March 13, 2013 Today s Presentation 1)

More information

SECURITY REIMAGINED SPEAR PHISHING ATTACKS WHY THEY ARE SUCCESSFUL AND HOW TO STOP THEM. Why Automated Analysis Tools are not Created Equal

SECURITY REIMAGINED SPEAR PHISHING ATTACKS WHY THEY ARE SUCCESSFUL AND HOW TO STOP THEM. Why Automated Analysis Tools are not Created Equal WHITE PAPER SPEAR PHISHING ATTACKS WHY THEY ARE SUCCESSFUL AND HOW TO STOP THEM Why Automated Analysis Tools are not Created Equal SECURITY REIMAGINED CONTENTS Executive Summary...3 Introduction: The Rise

More information

Practical Steps To Securing Process Control Networks

Practical Steps To Securing Process Control Networks Practical Steps To Securing Process Control Networks Villanova University Seminar Rich Mahler Director, Commercial Cyber Solutions Lockheed Martin Lockheed Martin Corporation 2014. All Rights Reserved.

More information

Best Practices to Improve Breach Readiness

Best Practices to Improve Breach Readiness Best Practices to Improve Breach Readiness Dr. Robert W. Griffin Chief Security Architect RSA, the Security Division of EMC http://blog.emc2.de/trust-security @RobtWesGriffin 1 Security Breaches 2 Security

More information

A New Perspective on Protecting Critical Networks from Attack:

A New Perspective on Protecting Critical Networks from Attack: Whitepaper A New Perspective on Protecting Critical Networks from Attack: Why the DoD Uses Advanced Network-traffic Analytics to Secure its Network 2014: A Year of Mega Breaches A Ponemon Study published

More information

Enterprise Cybersecurity: Building an Effective Defense

Enterprise Cybersecurity: Building an Effective Defense Enterprise Cybersecurity: Building an Effective Defense Chris Williams Oct 29, 2015 14 Leidos 0224 1135 About the Presenter Chris Williams is an Enterprise Cybersecurity Architect at Leidos, Inc. He has

More information

Software that provides secure access to technology, everywhere.

Software that provides secure access to technology, everywhere. Software that provides secure access to technology, everywhere. Joseph Patrick Schorr @JoeSchorr October, 2015 2015 BOMGAR CORPORATION ALL RIGHTS RESERVED WORLDWIDE 1 Agenda What are we dealing with? How

More information

CHANGING THE SECURITY MONITORING STATUS QUO Solving SIEM problems with RSA Security Analytics

CHANGING THE SECURITY MONITORING STATUS QUO Solving SIEM problems with RSA Security Analytics CHANGING THE SECURITY MONITORING STATUS QUO Solving SIEM problems with RSA Security Analytics TRADITIONAL SIEMS ARE SHOWING THEIR AGE Security Information and Event Management (SIEM) tools have been a

More information

Intelligence Driven Security

Intelligence Driven Security Intelligence Driven Security RSA Advanced Cyber Defense Workshop Shane Harsch Senior Solutions Principal, RSA 1 Agenda Approach & Activities Operations Intelligence Infrastructure Reporting & Top Findings

More information

Operational Lessons from the RSA/EMC CIRC: People, Process, & Threat Intel

Operational Lessons from the RSA/EMC CIRC: People, Process, & Threat Intel Operational Lessons from the RSA/EMC CIRC: People, Process, & Threat Intel @Ben_Smith Ben Smith, CISSP Field CTO (US East), Security Portfolio A Security Maturity Path CONTROLS COMPLIANCE IT RISK BUSINESS

More information

Next-Generation Penetration Testing. Benjamin Mossé, MD, Mossé Security

Next-Generation Penetration Testing. Benjamin Mossé, MD, Mossé Security Next-Generation Penetration Testing Benjamin Mossé, MD, Mossé Security About Me Managing Director of Mossé Security Creator of an Mossé Cyber Security Institute - in Melbourne +30,000 machines compromised

More information

Cyber Threats Insights from history and current operations. Prepared by Cognitio May 5, 2015

Cyber Threats Insights from history and current operations. Prepared by Cognitio May 5, 2015 Cyber Threats Insights from history and current operations Prepared by Cognitio May 5, 2015 About Cognitio Cognitio is a strategic consulting and engineering firm led by a team of former senior technology

More information

Digital Evidence and Threat Intelligence

Digital Evidence and Threat Intelligence Digital Evidence and Threat Intelligence 09 November 2015 Mark Clancy CEO www.soltra.com @soltraedge External Threats Growing 117,339 incoming attacks every day The total number of security incidents detected

More information

Incident Response. Six Best Practices for Managing Cyber Breaches. www.encase.com

Incident Response. Six Best Practices for Managing Cyber Breaches. www.encase.com Incident Response Six Best Practices for Managing Cyber Breaches www.encase.com What We ll Cover Your Challenges in Incident Response Six Best Practices for Managing a Cyber Breach In Depth: Best Practices

More information

defending against advanced persistent threats: strategies for a new era of attacks agility made possible

defending against advanced persistent threats: strategies for a new era of attacks agility made possible defending against advanced persistent threats: strategies for a new era of attacks agility made possible security threats as we know them are changing The traditional dangers IT security teams have been

More information

Protecting Your Organisation from Targeted Cyber Intrusion

Protecting Your Organisation from Targeted Cyber Intrusion Protecting Your Organisation from Targeted Cyber Intrusion How the 35 mitigations against targeted cyber intrusion published by Defence Signals Directorate can be implemented on the Microsoft technology

More information

Preparing for a Cyber Attack PROTECT YOUR PEOPLE AND INFORMATION WITH SYMANTEC SECURITY SOLUTIONS

Preparing for a Cyber Attack PROTECT YOUR PEOPLE AND INFORMATION WITH SYMANTEC SECURITY SOLUTIONS Preparing for a Cyber Attack PROTECT YOUR PEOPLE AND INFORMATION WITH SYMANTEC SECURITY SOLUTIONS CONTENTS PAGE RECONNAISSANCE STAGE 4 INCURSION STAGE 5 DISCOVERY STAGE 6 CAPTURE STAGE 7 EXFILTRATION STAGE

More information

Session 9: Changing Paradigms and Challenges Tools for Space Systems Cyber Situational Awareness

Session 9: Changing Paradigms and Challenges Tools for Space Systems Cyber Situational Awareness Session 9: Changing Paradigms and Challenges Tools for Space Systems Cyber Situational Awareness Wayne A. Wheeler The Aerospace Corporation GSAW 2015, Los Angeles, CA, March 2015 Agenda Emerging cyber

More information

SIEM is only as good as the data it consumes

SIEM is only as good as the data it consumes SIEM is only as good as the data it consumes Key Themes The traditional Kill Chain model needs to be updated due to the new cyber landscape A new Kill Chain for detection of The Insider Threat needs to

More information

Enterprise Organizations Need Contextual- security Analytics Date: October 2014 Author: Jon Oltsik, Senior Principal Analyst

Enterprise Organizations Need Contextual- security Analytics Date: October 2014 Author: Jon Oltsik, Senior Principal Analyst ESG Brief Enterprise Organizations Need Contextual- security Analytics Date: October 2014 Author: Jon Oltsik, Senior Principal Analyst Abstract: Large organizations have spent millions of dollars on security

More information

Perspectives on Cybersecurity in Healthcare June 2015

Perspectives on Cybersecurity in Healthcare June 2015 SPONSORED BY Perspectives on Cybersecurity in Healthcare June 2015 Workgroup for Electronic Data Interchange 1984 Isaac Newton Square, Suite 304, Reston, VA. 20190 T: 202-618-8792/F: 202-684-7794 Copyright

More information

Fighting Advanced Threats

Fighting Advanced Threats Fighting Advanced Threats With FortiOS 5 Introduction In recent years, cybercriminals have repeatedly demonstrated the ability to circumvent network security and cause significant damages to enterprises.

More information

Developing Secure Software in the Age of Advanced Persistent Threats

Developing Secure Software in the Age of Advanced Persistent Threats Developing Secure Software in the Age of Advanced Persistent Threats ERIC BAIZE EMC Corporation DAVE MARTIN EMC Corporation Session ID: ASEC-201 Session Classification: Intermediate Our Job: Keep our Employer

More information

Accenture Intelligent Security for the Digital Enterprise. Archer s important role in solving today's pressing security challenges

Accenture Intelligent Security for the Digital Enterprise. Archer s important role in solving today's pressing security challenges Accenture Intelligent Security for the Digital Enterprise Archer s important role in solving today's pressing security challenges The opportunity to improve cyber security has never been greater 229 2,287

More information

Trends in Advanced Threat Protection

Trends in Advanced Threat Protection Trends in Advanced Threat Protection John Martin Senior Security Architect IBM Security Systems Division 1 2012 IBM Corporation John Martin Senior Security Architect IBM Security Systems Division Security

More information

BIG DATA. Shaun McLagan General Manager, RSA Australia and New Zealand CHANGING THE REALM OF POSSIBILITY IN SECURITY

BIG DATA. Shaun McLagan General Manager, RSA Australia and New Zealand CHANGING THE REALM OF POSSIBILITY IN SECURITY BIG DATA CHANGING THE REALM OF POSSIBILITY IN SECURITY Shaun McLagan General Manager, RSA Australia and New Zealand 1 Things have changed #2 Buzz word 2012 Big Data only behind something called Fiscal

More information

Joining Forces: Bringing Big Data to your Security Team

Joining Forces: Bringing Big Data to your Security Team Joining Forces: Bringing Big Data to your Security Team Alaa Abdulnabi, CISSP RSA Regional Pre-Sales Manager Turkey, Middle East & Africa @AlaaAbdulnabi 1 Facteurs de mutation du marché Appareils mobiles

More information

Defending Against Cyber Attacks with SessionLevel Network Security

Defending Against Cyber Attacks with SessionLevel Network Security Defending Against Cyber Attacks with SessionLevel Network Security May 2010 PAGE 1 PAGE 1 Executive Summary Threat actors are determinedly focused on the theft / exfiltration of protected or sensitive

More information

CYBER ATTACKS CASHING IN ON RETAILERS: A WEBINAR ON CYBERSECURITY

CYBER ATTACKS CASHING IN ON RETAILERS: A WEBINAR ON CYBERSECURITY CYBER ATTACKS CASHING IN ON RETAILERS: A WEBINAR ON CYBERSECURITY May 21, 2015 WELCOME Jim Ambrosini CISSP, CFE, CISA, CRISC, CRMA is a Managing Director with CohnReznick Advisory Group who leads its cybersecurity

More information

Using SIEM for Real- Time Threat Detection

Using SIEM for Real- Time Threat Detection Using SIEM for Real- Time Threat Detection Presentation to ISSA Baltimore See and secure what matters Joe Magee CTO and Co-Founder March, 27 2013 About us Vigilant helps clients build and operate dynamic,

More information

GETTING REAL ABOUT SECURITY MANAGEMENT AND "BIG DATA"

GETTING REAL ABOUT SECURITY MANAGEMENT AND BIG DATA GETTING REAL ABOUT SECURITY MANAGEMENT AND "BIG DATA" A Roadmap for "Big Data" in Security Analytics ESSENTIALS This paper examines: Escalating complexity of the security management environment, from threats

More information

Data Center security trends

Data Center security trends Data Center security trends Tomislav Tucibat Major accounts Manager, Adriatic Copyright Fortinet Inc. All rights reserved. IT Security evolution How did threat market change over the recent years? Problem:

More information

Introduction. Jason Lawrence, MSISA, CISSP, CISA Manager, EY Advanced Security Center Atlanta, Georgia jason.lawrence@ey.com Twitter: @ethical_infosec

Introduction. Jason Lawrence, MSISA, CISSP, CISA Manager, EY Advanced Security Center Atlanta, Georgia jason.lawrence@ey.com Twitter: @ethical_infosec Introduction Jason Lawrence, MSISA, CISSP, CISA Manager, EY Advanced Security Center Atlanta, Georgia jason.lawrence@ey.com Twitter: @ethical_infosec More than 20 years of experience in cybersecurity specializing

More information

Seven Things To Consider When Evaluating Privileged Account Security Solutions

Seven Things To Consider When Evaluating Privileged Account Security Solutions Seven Things To Consider When Evaluating Privileged Account Security Solutions Contents Introduction 1 Seven questions to ask every privileged account security provider 4 1. Is the solution really secure?

More information

Detect & Investigate Threats. OVERVIEW

Detect & Investigate Threats. OVERVIEW Detect & Investigate Threats. OVERVIEW HIGHLIGHTS Introducing RSA Security Analytics, Providing: Security monitoring Incident investigation Compliance reporting Providing Big Data Security Analytics Enterprise-wide

More information

WHITEPAPER. How a DNS Firewall Helps in the Battle against Advanced Persistent Threat and Similar Malware

WHITEPAPER. How a DNS Firewall Helps in the Battle against Advanced Persistent Threat and Similar Malware WHITEPAPER How a DNS Firewall Helps in the Battle against Advanced Persistent Threat and Similar Malware How a DNS Firewall Helps in the Battle against Advanced As more and more information becomes available

More information

Detect, Prevent and Remediate the Cyber attack Nelson Yuen

Detect, Prevent and Remediate the Cyber attack Nelson Yuen Detect, Prevent and Remediate the Cyber attack Nelson Yuen Senior Systems Engineer Overview of the Local Security Landscape IP camera footages broadcasted live online In September, 2014, more than 1,000

More information

Hunting for Indicators of Compromise

Hunting for Indicators of Compromise Hunting for Indicators of Compromise Lucas Zaichkowsky Mandiant Session ID: END-R31 Session Classification: Intermediate Agenda Threat brief Defensive strategy overview Hunting for Indicators of Compromise

More information

Nine recommendations for alternative funds battling cyber crime. kpmg.ca/cybersecurity

Nine recommendations for alternative funds battling cyber crime. kpmg.ca/cybersecurity Nine recommendations for alternative funds battling cyber crime kpmg.ca/cybersecurity Cyber criminals steal user names and passwords and use it to conduct financial trading activity illicitly. Hackers

More information

The Advanced Attack Challenge. Creating a Government Private Threat Intelligence Cloud

The Advanced Attack Challenge. Creating a Government Private Threat Intelligence Cloud The Advanced Attack Challenge Creating a Government Private Threat Intelligence Cloud The Advanced Attack Challenge One of the most prominent and advanced threats to government networks is advanced delivery

More information

idata Improving Defences Against Targeted Attack

idata Improving Defences Against Targeted Attack idata Improving Defences Against Targeted Attack Summary JULY 2014 Disclaimer: Reference to any specific commercial product, process or service by trade name, trademark, manufacturer, or otherwise, does

More information

Agile Cyber Security Security for the Real World, Architectural Approach

Agile Cyber Security Security for the Real World, Architectural Approach Agile Cyber Security Security for the Real World, Architectural Approach Osama Al-Zoubi Senior Manger, Systems Engineering Fahad Aljutaily Senior Solution Architect, Security Market Trends Welcome to the

More information

A Case for Managed Security

A Case for Managed Security A Case for Managed Security By Christopher Harper Managing Director, Security Superior Managed IT & Security Services 1. INTRODUCTION Most firms believe security breaches happen because of one key malfunction

More information

Unified Security, ATP and more

Unified Security, ATP and more SYMANTEC Unified Security, ATP and more TAKE THE NEXT STEP Martin Werner PreSales Consultant, Symantec Switzerland AG MEET SWISS INFOSEC! 27.01.2016 Unified Security 2 Symantec Enterprise Security Users

More information

Large Scale Breach Lessons Learned. September 2013

Large Scale Breach Lessons Learned. September 2013 Large Scale Breach Lessons Learned September 2013 1 A Comprehensive Approach to Advanced Threat Defense The threat landscape has changed Adversaries have the ability to develop customized, targeted, and

More information

What s Wrong with Information Security Today? You are looking in the wrong places for the wrong things.

What s Wrong with Information Security Today? You are looking in the wrong places for the wrong things. What s Wrong with Information Security Today? You are looking in the wrong places for the wrong things. AGENDA Current State of Information Security Data Breach Statics Data Breach Case Studies Why current

More information

Breaking the Cyber Attack Lifecycle

Breaking the Cyber Attack Lifecycle Breaking the Cyber Attack Lifecycle Palo Alto Networks: Reinventing Enterprise Operations and Defense March 2015 Palo Alto Networks 4301 Great America Parkway Santa Clara, CA 95054 www.paloaltonetworks.com

More information

How we see malware introduced Phishing Targeted Phishing Water hole Download (software (+ free ), music, films, serialz)

How we see malware introduced Phishing Targeted Phishing Water hole Download (software (+ free ), music, films, serialz) How we see malware introduced Phishing Targeted Phishing Water hole Download (software (+ free ), music, films, serialz) Domain.Local DC Client DomainAdmin Attack Operator Advise Protect Detect Respond

More information

Endpoint Threat Detection without the Pain

Endpoint Threat Detection without the Pain WHITEPAPER Endpoint Threat Detection without the Pain Contents Motivated Adversaries, Too Many Alerts, Not Enough Actionable Information: Incident Response is Getting Harder... 1 A New Solution, with a

More information

Enterprise Cybersecurity: Building an Effective Defense

Enterprise Cybersecurity: Building an Effective Defense : Building an Effective Defense Chris Williams Scott Donaldson Abdul Aslam 1 About the Presenters Co Authors of Enterprise Cybersecurity: How to Implement a Successful Cyberdefense Program Against Advanced

More information

2012 Bit9 Cyber Security Research Report

2012 Bit9 Cyber Security Research Report 2012 Bit9 Cyber Security Research Report Table of Contents Executive Summary Survey Participants Conclusion Appendix 3 4 10 11 Executive Summary According to the results of a recent survey conducted by

More information

CYBER4SIGHT TM THREAT INTELLIGENCE SERVICES ANTICIPATORY AND ACTIONABLE INTELLIGENCE TO FIGHT ADVANCED CYBER THREATS

CYBER4SIGHT TM THREAT INTELLIGENCE SERVICES ANTICIPATORY AND ACTIONABLE INTELLIGENCE TO FIGHT ADVANCED CYBER THREATS CYBER4SIGHT TM THREAT INTELLIGENCE SERVICES ANTICIPATORY AND ACTIONABLE INTELLIGENCE TO FIGHT ADVANCED CYBER THREATS PREPARING FOR ADVANCED CYBER THREATS Cyber attacks are evolving faster than organizations

More information

Security Architecture: From Start to Sustainment. Tim Owen, Chief Engineer SMS DGI Cyber Security Conference June 2013

Security Architecture: From Start to Sustainment. Tim Owen, Chief Engineer SMS DGI Cyber Security Conference June 2013 Security Architecture: From Start to Sustainment Tim Owen, Chief Engineer SMS DGI Cyber Security Conference June 2013 Security Architecture Topics Introduction Reverse Engineering the Threat Operational

More information

IT Security Strategy and Priorities. Stefan Lager CTO Services stefan.lager@addpro.se

IT Security Strategy and Priorities. Stefan Lager CTO Services stefan.lager@addpro.se IT Security Strategy and Priorities Stefan Lager CTO Services stefan.lager@addpro.se Cyberthreat update Why would anyone want to hack me? I am not a bank! Security Incidents with Confirmed Data Loss Source:

More information

PALANTIR CYBER An End-to-End Cyber Intelligence Platform for Analysis & Knowledge Management

PALANTIR CYBER An End-to-End Cyber Intelligence Platform for Analysis & Knowledge Management PALANTIR CYBER An End-to-End Cyber Intelligence Platform for Analysis & Knowledge Management INTRODUCTION Traditional perimeter defense solutions fail against sophisticated adversaries who target their

More information

Symantec Cyber Threat Analysis Program Program Overview. Symantec Cyber Threat Analysis Program Team

Symantec Cyber Threat Analysis Program Program Overview. Symantec Cyber Threat Analysis Program Team Symantec Cyber Threat Analysis Program Symantec Cyber Threat Analysis Program Team White Paper: Symantec Security Intelligence Services Symantec Cyber Threat Analysis Program Contents Overview...............................................................................................

More information

Cybercrime myths, challenges and how to protect our business. Vladimir Kantchev Managing Partner Service Centrix

Cybercrime myths, challenges and how to protect our business. Vladimir Kantchev Managing Partner Service Centrix Cybercrime myths, challenges and how to protect our business Vladimir Kantchev Managing Partner Service Centrix Agenda Cybercrime today Sources and destinations of the attacks Breach techniques How to

More information

Things To Do After You ve Been Hacked

Things To Do After You ve Been Hacked Problem: You ve been hacked! Now what? Solution: Proactive, automated incident response from inside the network Things To Do After You ve Been Hacked Tube web share It only takes one click to compromise

More information

2010 Data Breach Investigations Report

2010 Data Breach Investigations Report 2010 Data Breach Investigations Report Matthijs van de Wel Managing Principal Forensics EMEA 2010 Verizon. All Rights Reserved. PTE14626 07/10 PROPRIETARY STATEMENT This document and any attached materials

More information

An New Approach to Security. Chris Ellis McAfee Senior System Engineer Chris_Ellis@McAfee.com

An New Approach to Security. Chris Ellis McAfee Senior System Engineer Chris_Ellis@McAfee.com An New Approach to Security Chris Ellis McAfee Senior System Engineer Chris_Ellis@McAfee.com Advanced Targeted Attack Challenges Criminal Theft Sabotage Espionage After the Fact Expensive Public Uncertainty

More information

2012 Data Breach Investigations Report

2012 Data Breach Investigations Report 2012 Data Breach Investigations Report A study conducted by the Verizon RISK Team with cooperation from the Australian Federal Police, Dutch National High Tech Crime Unit, Irish Reporting & Information

More information

Incident Response 101: You ve been hacked, now what?

Incident Response 101: You ve been hacked, now what? Incident Response 101: You ve been hacked, now what? Gary Perkins, MBA, CISSP Chief Information Security Officer (CISO) Information Security Branch Government of British Columbia Agenda: threat landscape

More information